Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
> What does it mean to "set up a public_html folder"?
Sorry, forgot to connect a dot: if the brute force attack succeeds (due
to a weak password or a lucky script-kiddie), then the attacking script
can attempt to create a public_html folder. (note, we're talking FTP or
SSH brute force attack here) If that succeeds, the script can install a
package of scripts (php, perl cgi, etc.), rootkits, the usual, that can
facilitate further experimentation. Even if you're locked down pretty
well (you're patched, rootkit fails) they have a backdoor to your
system, and can continue to look for weaknesses in your Apache setup.
And Christian, yes, it's not academic per se, it's more just something
to keep in mind as you determine your acceptable risks.
It appears that we don't have the full thread on the members list.
Perhaps you can restate the problem?
--Hardy
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact